Intune
4232 Topics

Autopilot deployment app count jumping around
Hi All! Just a quick post for some clarification. We have multiple Intune deployments for different clients, and something we have noticed on at least two of them in the past few days is that during the app deployment for Autopilot the app count seems to jump around a bit. For example, we had a deployment that was on the account setup stage on 5 out of 7 apps; I checked it again a couple of minutes later and for some reason it was now on 4 out of 7 apps installed. Sometimes it jumps up and down between those two app installs. It does not happen every single time, but I just wanted to know if anyone else has experienced this. The deployment generally still goes through, but we just want to try and find a cause to address before it becomes an issue. Also note that the "Continue anyway" button sometimes shows up despite the deployment still being active. Thanks in advance!
58 Views, 1 like, 1 Comment

Intune Proactive Remediation Script Not Working for Normal Users on AVD Multi-Session
Scenario: We are using Azure Virtual Desktop (AVD) multi-session machines that are Azure AD joined and enrolled in Intune. These machines are part of an Application Group where normal Azure AD users are assigned. Users can successfully log in to the AVD session host.

What We Are Doing: We are deploying a Proactive Remediation script (now called Remediations) via Intune. The script is designed to show a confirmation popup to the user. In the script package settings, we have selected:
> Run this script using the logged-on credentials (i.e., run in user context)

What Works: When a Global Administrator logs in to the AVD machine, the popup appears as expected. Logs and script output are generated correctly.

What Doesn’t Work: When a normal user logs in (non-admin Azure AD user), the script:
- Does not show the popup
- Does not generate logs
- Appears to not run at all

What We Suspect: The issue may be related to lack of local administrator rights for normal users. Since we are using AVD, we are not logging in with local machine administrators. We understand that system context would allow the script to run regardless of user login, but we specifically need user context to show the popup.

Questions:
- Is this expected behavior for Proactive Remediation scripts in user context on AVD multi-session machines?
- Do normal users need to be local administrators for the script to run properly in user context?
- Is there a supported way to show popups or UI prompts to normal users via Intune scripts on AVD?
- Are there any official Microsoft documents or best practices that explain this behavior or provide a workaround?

Additional Info:
- We are using Windows 10/11 Enterprise multi-session
- Devices are Azure AD joined
- Scripts are encoded in UTF-8, and logging is implemented
- Licensing is compliant with Intune and AVD requirements

If anyone has encountered this issue or has documentation or a workaround, your help would be greatly appreciated!
44 Views, 0 likes, 1 Comment

Resource Explorer not populating
The Device Resource Explorer is currently only displaying CPU information. Despite this, I have a Properties catalog profile configured with all available settings enabled. The policy shows a 100% success rate. All devices assigned to this policy are running Windows 11 Enterprise 24H2. The Per Setting status from the policy indicates 0 errors and 0 conflicts, with successful data collection for Battery, CPU, Disk Drive, Encryptable Volume, Logical Drive, Memory Info, Network Adapter, OS Version, etc. Any assistance in resolving this issue would be greatly appreciated.
31 Views, 1 like, 1 Comment

Defender Browser Protection Extension for Chrome
Has anyone noticed how pointless this extension is? Deployed using Intune with tamper protection so the user is forced to use it, but Microsoft has built a disable feature into the extension that cannot be controlled, or can it? Any ideas on how to harden this, or something for Microsoft to fix? Tamper Protection enabled: User can bypass by disabling the protection:
6 Views, 0 likes, 0 Comments

About Remove device from Apple Business Manager
Hi All, does anyone know the correct steps to completely remove a device from Apple Business Manager? I executed Release on my iPad in ABM, and it also displays the device as released, but my iPad still shows that it is managed remotely and it still shows in ABM. So does anyone know the correct method and steps to completely remove the Apple device?
12 Views, 0 likes, 0 Comments

Feature Upgrade W11 24H2 not pushing why?
Hi community, I created a feature upgrade to 24H2 which is set to rollout immediate start. I have computers that are already on either 21H2/22H2/23H2, and also W10 devices that are W11 ready. I don't understand why some are passing while a lot of others are still stuck on their build. The last thing that I want is to do an in-place upgrade. Is there someone in the community who has the same issue, and any solution that I can push for my hundreds of laptops that are stuck? Thank you so much for your help, it will be a lot :)
18 Views, 0 likes, 0 Comments

User Profile Deletion
Hi, I have encountered an error when using Intune to delete user profiles. I am new to this and have put bits and pieces together from multiple sources to try and compile a script. I am using a Detect and Remediation script deployed via Devices > Scripts and Remediation in Intune, to Windows 10 Enterprise 22H2 and Windows 11 Enterprise 24H2. I will attach the scripts at the end.

My issue is that the scripts detect and remediate as intended on devices that I have recently enrolled. However, we have devices that will have been enrolled in 2023 which don't seem to allow the scripts to run. If I then run an Autopilot reset on the device, the scripts work fine.

The scripts essentially look for user profiles in C:\Users and remove them if they are older than 1 hour. We want to keep disk space as free as possible, especially on the lower spec devices. It ignores SYSTEM and any Admin user folder, as we have a separate script to delete the LAPSAdmin only at 8pm, when the workplace is closed. Note: The LAPSAdmin script worked on the older devices before they were Autopilot reset.

Does anyone know why this could be the case? Does the 1 hour check have issues reaching profiles that are over 2 years old, or is there an issue in the script?
Thanks, Dean
65 Views, 0 likes, 4 Comments

Is it really impossible to force an Intune sync from the command line?
Is it really not possible to force an Intune sync on a client computer from the command line? It seems like such a simple thing to do. Rather than make me dig 3 subpages deep to click a button, just let me fire off a DOS command and get on with my day. I'm familiar with the MS-Graph method, but honestly, clicking a "Sync" button should never be as complicated as that. I'm also familiar with Michael Niehaus' method...

    Get-ScheduledTask | ? {$_.TaskName -eq 'PushLaunch'} | Start-ScheduledTask

That has never worked, but don't tell anyone because there are a lot of admins out there who think it does, and I'd hate to spoil their day. Am I just too dim to figure this out or is there really no way to sync from a CLI? Thanks,
99K Views, 2 likes, 16 Comments

Time Zone configuration profiles and policies
Hello, I'm trying to find out the way to control the "automatic time zone change" option to allow users to turn it off or on.

On the Intune side there is a configuration profile using OMA-URI settings ("./Device/Vendor/MSFT/Policy/Config/UserRights/ChangeTimeZone" with string "LOCAL SERVICEAdministratorsUsers"). This one controls whether the user can change the Time Zone manually in the Control Panel (the old school way), and it is also reflected in the Settings when "Set time zone automatically" is turned off. However, we have some users that have this option greyed out, and I have not found a way to change this from the Intune side.

Users are normally standard users and they do not have administrative rights by default, but they should be able to change some of the settings when they invoke "elevation mode", e.g. in the 1st picture below, if I would switch "Set time zone automatically" on, I would be presented with an authentication dialog and after authentication the setting would turn on.

1st case - user can change the "set time zone automatically" option on/off but is not in the group that is allowed to manually change the time zone, hence it does not even show the time zone choices (this reflects the configuration profile mentioned above)
2nd case - user can change the "set time zone automatically" option on/off and is in the group that is allowed to manually change the time zone => shows additional options Time Zone and DST.
3rd case - user cannot change the "set time zone automatically" option at all, which means they can't change the TZ or DST in Settings, but is able to change the time zone via Control Panel (see below)

And the question for the million $$$ 🙂 is if or where is the option / configuration that makes the "Set time zone automatically" greyed out. Any ideas? Thanks
17 Views, 0 likes, 0 Comments

Tamper Protection Not turning on on newly deployed devices
I have no issue with devices deployed before. Now new devices with Windows 11 22H2 Build 22621.525 are having this issue. Tamper Protection is enabled in the Defender 365 Portal for all Endpoints.

Intune configuration policy: Windows Security Experience. TamperProtection (Device) On. Fails with error type 2, Error code 65000.

Checking Event logs:
MDM ConfigurationManager: Command failure status. Configuration Source ID: (C127515F-5427-49C7-B6AE-4275FB1AE464), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Defender), Command Type: (Add: from Replace or Add), CSP URI: (./Vendor/MSFT/Defender/Configuration/TamperProtection), Result: (The system cannot find the file specified.).

I only have this issue on newly deployed devices.
1.2K Views, 1 like, 2 Comments